active-directory-b2c-dotnet-webapp-and-webapi icon indicating copy to clipboard operation
active-directory-b2c-dotnet-webapp-and-webapi copied to clipboard

Published 20 hours ago verified publisher icon Azure-Samples

Refresh token

Open MINDoSOFT opened this issue 3 years ago • 2 comments

Using the sample tenant provided I am able to get an access token and a refresh token.

The access token expires in one hour and the refresh token in 14 days.

If I try to open the Tasks page after the access token has expired, I am redirected to the b2clogin page, and a completely new access and refresh token are being retrieved.

This sounds different than what I expect after reading this.

I am expecting AcquireTokenSilent to use the refresh token to retrieve a new access token in the background.

Let me know if this is a problem with the sample or an issue with the library.

MINDoSOFT avatar Mar 10 '21 11:03 MINDoSOFT

@jmprieur it looks like when you change a configuration in the OpenIdConnectAuthenticationOptions this issue is fixed.

You need to set the UseTokenLifetime to false.

// ASP.NET web host compatible cookie manager
CookieManager = new SystemWebCookieManager(),
UseTokenLifetime = false

When you say token lifetime, it doesn't specify if it is the access token lifetime or the refresh token lifetime when it is present. And I am guessing this case is not handled by the OpenIdConnectAuthentication middleware.

MINDoSOFT avatar Mar 11 '21 14:03 MINDoSOFT

Thanks for the heads-up @MINDoSOFT

jmprieur avatar Mar 15 '21 13:03 jmprieur